https://github.com/nudin/ansiblefs
Simple file system to mount ansible vaults
https://github.com/nudin/ansiblefs
Last synced: 2 months ago
JSON representation
Simple file system to mount ansible vaults
- Host: GitHub
- URL: https://github.com/nudin/ansiblefs
- Owner: Nudin
- License: apache-2.0
- Created: 2022-05-23T11:37:07.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-05-25T12:02:03.000Z (almost 3 years ago)
- Last Synced: 2025-01-05T15:43:37.738Z (4 months ago)
- Language: Python
- Size: 10.7 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
ansiblefs – mount your ansible vaults
=====================================
With ansiblefs you can mount a directories containing ansible vault files, and
will see them unencrypted on the mountpoint. This allows you to use the common
terminal commands like `cat`, `grep`, `rg`, `sed`, `awk` just as if the files
where unencrypted.
Usage
-----
```
$ ./ansiblefs.py vault_directory -opassword=YOURPASSWORD mountpoint
```
Limitation
----------
This more a hack then a fully featured file system. You can walk the file
structure and read and write to files, append to files and create new files.
Features like truncate, sparse files, etc. are not supported.
Security Implications
---------------------
Obviously when mounted every application with proper file rights can read the
content. If this decreases you security depends on your setup and especially to
how you currently work with vaults.
The unencrypted data is not saved to disk. However in the case that the memory
gets full, the kernel might write it to swap.
If the vaults contain very sensitive data you might consider using mount
namespaces to restrict access to the plain text files.